[tor-commits] [tor/master] Move entry-guard-is-up notification later into dirguard path.
nickm at torproject.org
nickm at torproject.org
Wed Jan 11 14:52:32 UTC 2017
commit 9d37449fb022c687e4982a7c6b3438806d89c758
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Jan 2 09:56:06 2017 -0500
Move entry-guard-is-up notification later into dirguard path.
Previously we were marking directory guards up in
..._process_inbuf(), but that's wrong: we call that function on
close as well as on success. Instead, we're marking the dirguard up
only after we parse the HTTP headers. Closes 20974.
---
changes/bug20974 | 5 +++++
src/or/directory.c | 30 +++++++++++++++---------------
2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/changes/bug20974 b/changes/bug20974
new file mode 100644
index 0000000..febe510
--- /dev/null
+++ b/changes/bug20974
@@ -0,0 +1,5 @@
+ o Minor bugfixes (guards, bootstrapping):
+ - When connecting to a directory guard during bootstrap, do not
+ mark the guard as successful until we receive a good-looking
+ directory response from it. Fixes bug 20974; bugfix on 0.3.0.1-alpha.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index c42cc95..62cb12e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1967,6 +1967,21 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
escaped(reason),
conn->base_.purpose);
+ if (conn->guard_state) {
+ /* we count the connection as successful once we can read from it. We do
+ * not, however, delay use of the circuit here, since it's just for a
+ * one-hop directory request. */
+ /* XXXXprop271 note that this will not do the right thing for other
+ * waiting circuits that would be triggered by this circuit becoming
+ * complete/usable. But that's ok, I think.
+ */
+ /* XXXXprop271 should we count this as only a partial success somehow?
+ */
+ entry_guard_succeeded(&conn->guard_state);
+ circuit_guard_state_free(conn->guard_state);
+ conn->guard_state = NULL;
+ }
+
/* now check if it's got any hints for us about our IP address. */
if (conn->dirconn_direct) {
char *guess = http_get_header(headers, X_ADDRESS_HEADER);
@@ -2578,21 +2593,6 @@ connection_dir_process_inbuf(dir_connection_t *conn)
tor_assert(conn);
tor_assert(conn->base_.type == CONN_TYPE_DIR);
- if (conn->guard_state) {
- /* we count the connection as successful once we can read from it. We do
- * not, however, delay use of the circuit here, since it's just for a
- * one-hop directory request. */
- /* XXXXprop271 note that this will not do the right thing for other
- * waiting circuits that would be triggered by this circuit becoming
- * complete/usable. But that's ok, I think.
- */
- /* XXXXprop271 should we count this as only a partial success somehow?
- */
- entry_guard_succeeded(&conn->guard_state);
- circuit_guard_state_free(conn->guard_state);
- conn->guard_state = NULL;
- }
-
/* Directory clients write, then read data until they receive EOF;
* directory servers read data until they get an HTTP command, then
* write their response (when it's finished flushing, they mark for
More information about the tor-commits
mailing list